IETF Logo Mail Archive

Re: [Ace] Group Communication Security Disagreements

Michael Richardson <mcr+ietf@sandelman.ca> Thu, 28 July 2016 14:02 UTC

Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: ace@ietfa.amsl.com
Delivered-To: ace@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9DB0212D75D for <ace@ietfa.amsl.com>; Thu, 28 Jul 2016 07:02:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.188
X-Spam-Level:
X-Spam-Status: No, score=-3.188 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-1.287, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ru3lmC_br9RP for <ace@ietfa.amsl.com>; Thu, 28 Jul 2016 07:02:30 -0700 (PDT)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.249.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 880C012D75B for <ace@ietf.org>; Thu, 28 Jul 2016 07:02:30 -0700 (PDT)
Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id 9DB5CE00C; Thu, 28 Jul 2016 10:12:27 -0400 (EDT)
Received: from obiwan.sandelman.ca (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 65045638D1; Thu, 28 Jul 2016 10:02:29 -0400 (EDT)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Michael StJohns <mstjohns@comcast.net>
In-Reply-To: <32aa7104-70df-80c7-8d6e-537b66716de9@comcast.net>
References: <57909032.10809@gmx.net> <6d259c5b-28e3-c748-4590-0c9f942fe343@comcast.net> <378a0359-6b31-a30c-af28-8ea567b06b00@cisco.com> <57963480.2000809@gmx.net> <0d4c6d56-ebb5-2f43-d555-29c336396033@ericsson.com> <15169.1469642303@obiwan.sandelman.ca> <CAHbuEH4u=AF1LSoDq+YfLwt+VX1OOrj54331GuZmyjLswHvNnw@mail.gmail.com> <3271.1469656595@obiwan.sandelman.ca> <32aa7104-70df-80c7-8d6e-537b66716de9@comcast.net>
X-Mailer: MH-E 8.6; nmh 1.6+dev; GNU Emacs 24.5.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha1"; protocol="application/pgp-signature"
Date: Thu, 28 Jul 2016 10:02:29 -0400
Message-ID: <13663.1469714549@obiwan.sandelman.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/GnD-qg3QAIhDLG1BEx6pYdrino4>
Cc: ace@ietf.org
Subject: Re: [Ace] Group Communication Security Disagreements
X-BeenThere: ace@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" <ace.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ace>, <mailto:ace-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ace/>
List-Post: <mailto:ace@ietf.org>
List-Help: <mailto:ace-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ace>, <mailto:ace-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Jul 2016 14:02:33 -0000

Michael StJohns <mstjohns@comcast.net> wrote:
    > On 7/27/2016 5:56 PM, Michael Richardson wrote:


    > Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> wrote:
    >>> Mohit Sethi <mohit.m.sethi@ericsson.com> wrote:
    >>> > designed/developed/specified for their use-case. I could definitely
    >>> > see some IoT startup building a solution that switches on the lights
    >>> > in a room as soon as you unlock the door (thus keeping them in the
    >>> > same group).
    >>>
    >>> Or perhaps more usefully, turning the lights (and the oven) off when you
    >>> leave the house.

    >> Good points, but you could do this without them being in the same
    >> group with some controller that managed the interactions with each.
    >> This would be a good set of examples for the security considerations
    >> sections, providing guidance to use a controller rather than group
    >> keys to perform useful functions like these.

    mcr> I agree.
    mcr> Perhaps we could convince Mike St.Johns to write that section?

    msj> Probably not - as long as symmetric key group communications is used
    msj> as a control protocol.

Well, who other than Nixon could go to China?

    mcr> And ACE has the right mechanisms to make this work well.

    msj> I agree - public key systems. But that seems to be out of scope here.

I'm not convinced.  What I have taken home is that people think they want to
use symmetric keys, and perhaps it might be safe among completely equivalent
devices. I take your point (strongly) that this bubble will be broken, with
catastrophic results.  We need asymmetric methods between bubbles, and we
need to define that early.

    mcr> We should also consider whether we can use hash-chains, like S/KEY did, to
    mcr> authenticate messages that should only go out in emergencies.  Such messages
    mcr> would clearly *need* to be multicast, but once used, they can never be
    mcr> reused.  They can't be originated by more than one sender though.... so it's
    mcr> really the message stored by the "EMERGENCY STOP" button.

    msj> That's an interesting idea - but AIRC, hash chains could be originated
    msj> by anyone that held the signing/verification key.

Yes, provided they distributed the initial (asymmetrically signed) h^n(k)
value out in advance, and gave all the devices enough time to verify that
signature.  Plus flash to store the n-th hash.

For the single sender/controller, multiple receiver/actuator situation this
would be almost as fast as the symmetric group key, yet much more secure.

For the multiple sender situation, you need to replicate things n-times.
But it's still not n*m keys.

    msj> Let's do this the right way. Let's not bow to the "tyranny of the
    msj> light switch" in accepting solutions that are NOT secure, even for the
    msj> limited scope they are proposing.

+1.

--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-

v2.37.1 | Report a Bug | By Email | System Status